author:    security tracker role <sectracker@soriano.debian.org>  2020-01-02 20:10:18 +0000
committer: security tracker role <sectracker@soriano.debian.org>  2020-01-02 20:10:18 +0000
commit:    4a7a31cd273411ec6a52714d6720c9e9b11f7186 (patch)
tree:      06340b7c3e6286494a5e8d3b8b6aa457ef59a515 /data/CVE
parent:    e45b3beaffa0271da21ba0ecd727778d2c6e0b8a (diff)
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r--  data/CVE/2010.list   4
-rw-r--r--  data/CVE/2013.list  46
-rw-r--r--  data/CVE/2014.list  13
-rw-r--r--  data/CVE/2019.list  28
-rw-r--r--  data/CVE/2020.list  14
5 files changed, 56 insertions, 49 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index 34c1d56b70..3a5c822c26 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -3776,8 +3776,8 @@ CVE-2010-3784 (The PMPageFormatCreateWithDataRepresentation API in Printing in A
NOT-FOR-US: Apple Printing
CVE-2010-3783 (Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does ...)
NOT-FOR-US: Apple Password Server
-CVE-2010-3782
- RESERVED
+CVE-2010-3782 (obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to ...)
+ TODO: check
CVE-2010-3781 (The PL/php add-on 1.4 and earlier for PostgreSQL does not properly pro ...)
- postgresql-9.0 9.0.1-1
CVE-2010-3780 (Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause ...)
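Review bot: the new CVE-2010-3782 entry is left at TODO: check; its description names obs-server before 1.7.7, so the triage still has to settle on either a package/version line (as CVE-2010-3781 does with postgresql-9.0) or a NOT-FOR-US marker like the neighbouring Apple entries, and the issue described (logins accepted for 'unconfirmed' accounts) is an authorization gap, which matters for the severity tag the entry eventually gets.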
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 18d13e1fb1..b345c43e49 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -1,3 +1,7 @@
+CVE-2013-7486 (Cross-site scripting (XSS) vulnerability in the backend in Open-Xchang ...)
+ TODO: check
+CVE-2013-7485 (Cross-site scripting (XSS) vulnerability in the backend in Open-Xchang ...)
+ TODO: check
CVE-2013-7484 (Zabbix before 5.0 represents passwords in the users table with unsalte ...)
- zabbix <unfixed>
[buster] - zabbix <no-dsa> (Minor issue)
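Review bot: CVE-2013-7486 and CVE-2013-7485 are both marked TODO: check although they describe XSS in the Open-Xchange backend; later in this same patch the Open-Xchange entries CVE-2013-6242 and CVE-2013-6241 are resolved as NOT-FOR-US: Open-Xchange, so these two can most likely be closed out the same way rather than left as open TODOs.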
@@ -1333,8 +1337,7 @@ CVE-2013-7071 (Cross-site scripting (XSS) vulnerability in the handle_request fu
NOT-FOR-US: Monitorix
CVE-2013-7070 (The handle_request function in lib/HTTPServer.pm in Monitorix before 3 ...)
NOT-FOR-US: Monitorix
-CVE-2013-7062 [XSS]
- RESERVED
+CVE-2013-7062 (Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used i ...)
- zope2.12 <removed> (low)
[wheezy] - zope2.12 <no-dsa> (Minor issue)
- zope2.13 <not-affected> (Vulnerable code not present)
@@ -3535,8 +3538,7 @@ CVE-2013-6285 (The search component in the Treasurer application in Tyler Techno
CVE-2013-6275 (Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earl ...)
- php-horde-ingo 3.1.3-1 (bug #727669)
- ingo1 <not-affected> (Affected code not present)
-CVE-2013-6242
- RESERVED
+CVE-2013-6242 (Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchan ...)
NOT-FOR-US: Open-Xchange
CVE-2013-6241 (The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x ...)
NOT-FOR-US: Open-Xchange
@@ -6974,8 +6976,7 @@ CVE-2013-4754 (Multiple cross-site scripting (XSS) vulnerabilities in Owl Intran
NOT-FOR-US: Owl Intranet Knowledgebase
CVE-2013-4753 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11. ...)
NOT-FOR-US: Claroline
-CVE-2013-4752
- RESERVED
+CVE-2013-4752 (Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, ...)
NOT-FOR-US: Symfony HttpFoundation component
CVE-2013-4751 (php-symfony2-Validator has loss of information during serialization ...)
NOT-FOR-US: Symfony Validator component
@@ -7574,8 +7575,7 @@ CVE-2013-4533 (Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
-CVE-2013-4532
- RESERVED
+CVE-2013-4532 (Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
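Review bot: CVE-2013-4532 receives a qemu line (2.1+dfsg-1, low, bug #739589) plus squeeze and wheezy no-dsa markers, but unlike the preceding CVE-2013-4533 entry it has no qemu-kvm line; since the affected range in the description starts at 1.1.2+dfsg, confirm whether qemu-kvm in squeeze/wheezy needs its own <no-dsa> or <not-affected> line here as well.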
@@ -9479,12 +9479,12 @@ CVE-2013-3948 (Apple iOS 6.1.3 does not follow redirects during determination of
NOT-FOR-US: Apple iOS
CVE-2013-3947 (Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 ...)
NOT-FOR-US: AhnLab V3 Internet Security
-CVE-2013-3946
- RESERVED
-CVE-2013-3945
- RESERVED
-CVE-2013-3944
- RESERVED
+CVE-2013-3946 (Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 ...)
+ TODO: check
+CVE-2013-3945 (The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote a ...)
+ TODO: check
+CVE-2013-3944 (Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.3 ...)
+ TODO: check
CVE-2013-3943 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6. ...)
NOT-FOR-US: DotNetNukeDot
CVE-2013-3942
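Review bot: the three MrSID plugin entries (CVE-2013-3946, -3945, -3944) are marked TODO: check, yet their descriptions scope them to MrSID.dll for IrfanView; the surrounding entries for comparable third-party desktop products (AhnLab V3 Internet Security, DotNetNuke) are tagged NOT-FOR-US, so these likely resolve the same way. Separately, the context line 'NOT-FOR-US: DotNetNukeDot' carries a stray 'Dot' suffix that looks like a typo worth fixing in a follow-up.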
@@ -9499,10 +9499,10 @@ CVE-2013-3938 (Integer overflow in xnview.exe in XnView 2.13 allows remote attac
NOT-FOR-US: XnView
CVE-2013-3937
RESERVED
-CVE-2013-3936
- RESERVED
-CVE-2013-3935
- RESERVED
+CVE-2013-3936 (Multiple cross-site scripting (XSS) vulnerabilities in Opsview before ...)
+ TODO: check
+CVE-2013-3935 (Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4. ...)
+ TODO: check
CVE-2013-3934 (Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, as use ...)
NOT-FOR-US: Kingsoft Office 2013
CVE-2013-3933 (Cross-site scripting (XSS) vulnerability in the JoomShopping (com_joom ...)
@@ -10233,11 +10233,11 @@ CVE-2013-3623 (Multiple stack-based buffer overflows in cgi/close_window.cgi in
CVE-2013-3622 (Buffer overflow in logout.cgi in the Intelligent Platform Management I ...)
NOT-FOR-US: Intelligent Platform Management Interface
CVE-2013-3621
- RESERVED
-CVE-2013-3620
- RESERVED
-CVE-2013-3619
- RESERVED
+ REJECTED
+CVE-2013-3620 (Hardcoded WSMan credentials in Intelligent Platform Management Interfa ...)
+ TODO: check
+CVE-2013-3619 (Intelligent Platform Management Interface (IPMI) with firmware for Sup ...)
+ TODO: check
CVE-2013-3618
RESERVED
CVE-2013-3617 (The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authe ...)
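Review bot: this hunk mixes two kinds of change: CVE-2013-3621 moves from RESERVED to REJECTED, while CVE-2013-3620 and CVE-2013-3619 gain descriptions and a TODO: check. The latter two cover the same IPMI firmware family (Supermicro, hardcoded WSMan credentials) as the adjacent CVE-2013-3622, which is already NOT-FOR-US: Intelligent Platform Management Interface, so the TODOs can probably be resolved identically; the REJECTED status change deserves its own mention since it alters state rather than adding information.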
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index d2998c266c..0ead659f4a 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -15135,8 +15135,8 @@ CVE-2014-4555 (Cross-site scripting (XSS) vulnerability in fonts/font-form.php i
NOT-FOR-US: WordPress plugin Style It
CVE-2014-4554 (Cross-site scripting (XSS) vulnerability in templates/download.php in ...)
NOT-FOR-US: WordPress plugin SS Downloads
-CVE-2014-4553
- RESERVED
+CVE-2014-4553 (Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-galler ...)
+ TODO: check
CVE-2014-4552 (Cross-site scripting (XSS) vulnerability in library/includes/payment/p ...)
NOT-FOR-US: WordPress plugin Spotlight
CVE-2014-4551 (Cross-site scripting (XSS) vulnerability in diagnostics/test.php in th ...)
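Review bot: CVE-2014-4553 is left at TODO: check even though its description names a WordPress plugin (spreadshirt-rss-3d-cube-flash-gallery) and every neighbouring WordPress-plugin entry in this region (Style It, SS Downloads, Spotlight) is NOT-FOR-US; unless that plugin is packaged, the same marker applies here.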
@@ -26270,8 +26270,7 @@ CVE-2014-0163 (Openshift has shell command injection flaws due to unsanitized da
CVE-2014-0162 (The Sheepdog backend in OpenStack Image Registry and Delivery Service ...)
- glance 2014.1-1
[wheezy] - glance <not-affected> (Only affects 2013.2 to 2013.2.3)
-CVE-2014-0161
- RESERVED
+CVE-2014-0161 (ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify tha ...)
NOT-FOR-US: ovirt-engine-sdk-python
CVE-2014-0160 (The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1 ...)
{DSA-2896-1}
@@ -26488,8 +26487,7 @@ CVE-2014-0105 (The auth_token middleware in the OpenStack Python client library
- keystone 2013.1.1-2
[wheezy] - keystone <no-dsa> (Minor issue)
NOTE: From 2013.1.1-2 the auth_token.py is in python-keystoneclient
-CVE-2014-0104
- RESERVED
+CVE-2014-0104 (In fence-agents before 4.0.17 does not verify remote SSL certificates ...)
- fence-agents 4.0.17-1 (low; bug #764801)
[jessie] - fence-agents <no-dsa> (Minor issue)
[wheezy] - fence-agents <no-dsa> (Minor issue)
@@ -26717,8 +26715,7 @@ CVE-2014-0049 (Buffer overflow in the complete_emulated_mmio function in arch/x8
[wheezy] - linux <not-affected> (Introduced in 3.5)
- linux-2.6 <not-affected> (Introduced in 3.5)
NOTE: fix: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a08d3b3b99efd509133946056531cdf8f3a0c09b
-CVE-2014-0048 [multiple files downloaded over HTTP and executed or used unsafely]
- RESERVED
+CVE-2014-0048 (An issue was found in Docker before 1.6.0. Some programs and scripts i ...)
- docker.io 1.6.0+dfsg1-1
NOTE: According to Red Hat bug no longer present in 1.5
CVE-2014-0047 (Docker before 1.5 allows local users to have unspecified impact via ve ...)
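Review bot: the CVE-2014-0048 entry now carries a fixed version of docker.io 1.6.0+dfsg1-1 and a description stating that Docker before 1.6.0 is affected, but keeps the older 'NOTE: According to Red Hat bug no longer present in 1.5'; the note and the fixed version disagree about which release closed the issue, so the note should be updated or dropped to avoid misleading later triage.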
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index a8c398db0f..d357f3d110 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,5 @@
+CVE-2019-20225 (MyBB before 1.8.22 allows an open redirect on login. ...)
+ TODO: check
CVE-2019-20224
RESERVED
CVE-2019-20223 (In Support Incident Tracker (SiT!) 3.67, the id parameter is affected ...)
@@ -8,8 +10,8 @@ CVE-2019-20221 (In Support Incident Tracker (SiT!) 3.67, Load Plugins input in t
NOT-FOR-US: Support Incident Tracker
CVE-2019-20220 (In Support Incident Tracker (SiT!) 3.67, the search_id parameter in th ...)
NOT-FOR-US: Support Incident Tracker
-CVE-2019-20219
- RESERVED
+CVE-2019-20219 (ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor i ...)
+ TODO: check
CVE-2019-20218 (selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack u ...)
- sqlite3 3.30.1+fossil191229-1
NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387
@@ -12944,22 +12946,19 @@ CVE-2019-14865 (A flaw was found in the grub2-set-bootflag utility of grub2. A l
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1764925
NOTE: https://seclists.org/oss-sec/2019/q4/101
NOTE: Red Hat-specific patch, get added as 0131-Add-grub-set-bootflag-utility.patch in their SRPM
-CVE-2019-14864
- RESERVED
+CVE-2019-14864 (Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible v ...)
- ansible 2.9.2+dfsg-1 (low; bug #943768)
[buster] - ansible <no-dsa> (Minor issue)
[stretch] - ansible <no-dsa> (Minor issue)
NOTE: https://github.com/ansible/ansible/issues/63522
NOTE: https://github.com/ansible/ansible/pull/63527
-CVE-2019-14863
- RESERVED
+CVE-2019-14863 (There is a vulnerability in all angular versions before 1.5.0-beta.0, ...)
{DLA-1995-1}
- angular.js 1.5.3-2 (bug #942833)
NOTE: https://snyk.io/vuln/npm:angular:20150807
NOTE: https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a
NOTE: https://github.com/angular/angular.js/pull/12524
-CVE-2019-14862
- RESERVED
+CVE-2019-14862 (There is a vulnerability in knockout before version 3.5.0-beta, where ...)
- node-knockout <unfixed> (unimportant; bug #943560)
NOTE: https://github.com/knockout/knockout/issues/1244
NOTE: https://github.com/knockout/knockout/pull/2345
@@ -12973,8 +12972,7 @@ CVE-2019-14861 (All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 an
NOTE: https://www.samba.org/samba/security/CVE-2019-14861.html
CVE-2019-14860 (It was found that the Syndesis configuration for Cross-Origin Resource ...)
NOT-FOR-US: Syndesis
-CVE-2019-14859 [DER encoding is not being verified in signatures]
- RESERVED
+CVE-2019-14859 (A flaw was found in all python-ecdsa versions before 0.13.3, where it ...)
{DSA-4588-1 DLA-1978-1}
- python-ecdsa 0.13.3-1
NOTE: https://github.com/warner/python-ecdsa/issues/114
@@ -23925,8 +23923,8 @@ CVE-2019-10777
RESERVED
CVE-2019-10776
RESERVED
-CVE-2019-10775
- RESERVED
+CVE-2019-10775 (ecstatic have a denial of service vulnerability. Successful exploitati ...)
+ TODO: check
CVE-2019-10774 (php-shellcommand versions before 1.6.1 have a command injection vulner ...)
TODO: check
CVE-2019-10773 (In Yarn before 1.21.1, the package install functionality can be abused ...)
@@ -25379,8 +25377,7 @@ CVE-2019-10206 (ansible-playbook -k and ansible cli tools, all versions 2.8.x be
NOTE: When fixing this issue is needed to make the fix complete with
NOTE: https://github.com/ansible/ansible/pull/63351 to not open
NOTE: CVE-2019-14856.
-CVE-2019-10205
- RESERVED
+CVE-2019-10205 (A flaw was found in the way Red Hat Quay stores robot account tokens i ...)
NOT-FOR-US: Red Hat Quay
CVE-2019-10204
RESERVED
@@ -25574,8 +25571,7 @@ CVE-2019-10160 (A security regression of CVE-2019-9636 was discovered in python
NOTE: https://github.com/python/cpython/commit/2b578479b96aa3deeeb8bac313a02b5cf3cb1aff
CVE-2019-10159 (cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnera ...)
NOT-FOR-US: Red Hat CloudForms Management Engine
-CVE-2019-10158
- RESERVED
+CVE-2019-10158 (A flaw was found in Infinispan through version 9.4.14.Final. An improp ...)
NOT-FOR-US: infinispan
CVE-2019-10157 (It was found that Keycloak's Node.js adapter before version 4.8.3 did ...)
NOT-FOR-US: Keycloak
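Review bot: CVE-2019-10158 is tagged NOT-FOR-US: infinispan in lower case, whereas the neighbouring markers use the product's own capitalization (NOT-FOR-US: Keycloak, NOT-FOR-US: Red Hat CloudForms Management Engine); use Infinispan for consistency.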
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 018c5a3815..83192f2f8a 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,17 @@
+CVE-2020-5200
+ RESERVED
+CVE-2020-5199
+ RESERVED
+CVE-2020-5198
+ RESERVED
+CVE-2020-5197
+ RESERVED
+CVE-2020-5196
+ RESERVED
+CVE-2020-5195
+ RESERVED
+CVE-2020-5194
+ RESERVED
CVE-2020-5193
RESERVED
CVE-2020-5192